﻿<!--#include file="const.inc"-->
<%
'====================================================================
' 感谢使用晴天3G智能建站系统..
' 作者:梁永强.QQ:766750857
' 官方网址:wap.qt3g.com
' 声明:软件版权归作者所有,没有经过作者本人同意不得非法破解和传播本程序
'====================================================================
%>
<%

Response.Expires = -1
Response.AddHeader "Pragma", "no-cache"
Response.AddHeader "Cache-Control", "no-cache, must-revalidate"
Server.ScriptTimeOut = 3600
select case v
case "0"
we0="<br/>"
%>

<card id="login" title="上传文件"><p align="<%=qingtian.px%>">
<%
case "1"
hr="<hr>"
zi="<span style=""color:#FF5500"">"
zi0="</span>"
we="<div class=""footer"">"
sou="<div class=""block4"">"
dao="<div class=""navi"">"
we0="</div>"
%>
<title>上传文件</title>
</head>
<body>
<!--#include virtual="/css.inc"-->
<%

End Select
on error resume next
tp=request.querystring("tp")
namer=session("username")
if sid="Null" then
	%><%=we%><%=qingtian.utf8("你还没登陆,请先登陆。")%><%=we0%><%=sou%>
	<a href="login.asp?sid=<%=sidd%>&amp;url=board.asp?listid=<%=listid%>"><%=qingtian.utf8("马上登陆")%></a><%=we0%>
	<%
else
if qingtian.zfff("zft")=false then
qingtian.err("你的积分不足,系统禁止你上传文件,上传文件最小需要积分"&qingtian.confff("zft")&"")
end if


			dim ip,name,content,member
	dim sql,filesize,upfile,AllowFileExt,formPath,i,fileExt,uploadsuc,ranNum,filename,upfilesize,UploadPath,FilePath,errs
	dim FsoObj1,Upload,File,FormName,path,FilePath2
	errs=false
	UploadPath = "photo/"
	FilePath = Request.ServerVariables("SCRIPT_NAME")
	FilePath=left(FilePath,instrrev(FilePath,"/" ) )


	FilePath2 = server.mappath(Request.ServerVariables("SCRIPT_NAME"))
	FilePath2=left(FilePath2,instrrev(FilePath2,"\" ) - 1 )
	path=FilePath2  & "/" &  UploadPath & year(now()) & "\"
	UploadPath=UploadPath & year(now()) & "/"


    			Set FsoObj1=Server.CreateObject("Scripting.FileSystemObject")
			IF FSOObj1.FolderExists(path) = False then
   			FsoObj1.CreateFolder(path)
			end if
			Set FsoObj1=Nothing


	path=path & month(now()) & "\"
	UploadPath=UploadPath & month(now()) & "/"


    			Set FsoObj1=Server.CreateObject("Scripting.FileSystemObject")
			IF FSOObj1.FolderExists(path) = False then
   			FsoObj1.CreateFolder(path)
			end if
			Set FsoObj1=Nothing


	path=path & day(now()) & "\"
	UploadPath=UploadPath & day(now()) & "/"



    			Set FsoObj1=Server.CreateObject("Scripting.FileSystemObject")
			IF FSOObj1.FolderExists(path) = False then
   			FsoObj1.CreateFolder(path)
			end if
			Set FsoObj1=Nothing

	FilePath=FilePath & UploadPath

	dim filetype


	Set Rs = Server.CreateObject("Adodb.Recordset")

	Sql = "SELECT [upfile],[filesize],[format],[filetype] FROM [qingtian_bbs_config]"

	Rs.Open Sql,conn,1,1
	if not (rs.bof and rs.eof) then
		filetype=rs("filetype")
		upfile=rs("upfile")
		upfilesize=rs("filesize")
		AllowFileExt=rs("format")
	else
	end if
	Rs.close
	set rs=nothing


if upfile=true then

	set upload=new upfile_class ''建立上传对象
	upload.GetData(upfilesize*1024)   '取得上传数据,限制最大上传100M

	if upload.err > 0 then  '如果出错
		select case upload.err
			case 1
				%><%=we%>请先选择你要上传的文件！<%=we0%><%
				%><%=sou%><a href="photofile.asp?tp=<%=tp%>&amp;sid=<%=sidd%>">返回修改</a><%=we0%><%
				errs=true
			case 2
				%><%=we%>你上传的文件总大小超出了最大限制（<%=upfilesize%>KB）<%=we0%><%
				%><%=sou%><a href="photofile.asp?tp=<%=tp%>&amp;sid=<%=sidd%>">返回修改</a><%=we0%><%
				errs=true
		end select

	end if



			ip=Request.ServerVariables("REMOTE_ADDR")

                 photoContent=upload.form("photoContent")
                 photoview=clng(upload.form("photoview"))

if photoContent="" and tp<>2 then
%><%=we%>相片说明不能为空，请返回重试！<%=we0%>
<%
errs=true
end if
if len(photoContent)>30 and tp<>1 then
%>
<%=we%>相片说明最多30字，请返回重试！<%=we0%>
<%
errs=true
end if
	AllowFileExt = Replace(Replace(Replace(UCase(AllowFileExt), "ASP", ""), "ASPX", ""), "|", ",")

if  errs=flase then

	
for each formName in upload.file 
EnableUpload=true
		set ofile=upload.file(formName)  '生成一个文件对象	
		upfilename=ofile.FileName		
		oFileSize=ofile.filesize	
		sizes=cstr(round(oFileSize*1024))		
		fileExt=lcase(ofile.FileExt)
    		fileExt=trim(fileExt)
    
    		if fileExt<>"" then
		arrUpFileType=split(AllowFileExt,",")
		for i=0 to ubound(arrUpFileType)
			if fileEXT=trim(arrUpFileType(i)) then
				EnableUpload=true
				exit for
			end if
		next
    		else
  			EnableUpload=true
   		end if

		if InStr(fileEXT,"asp") > 0 or InStr(fileEXT,"asa") > 0 or InStr(fileEXT,"aspx") > 0 or InStr(fileEXT,"exe") > 0 or InStr(fileEXT,"bat") > 0 or InStr(fileEXT,"dll") > 0 or InStr(fileEXT,"cer") > 0  or InStr(fileEXT,"cdx") > 0  or InStr(fileEXT,"cgi") > 0  or InStr(fileEXT,"com") > 0 or InStr(fileEXT,"htr") > 0 or InStr(fileEXT,"stm") > 0 or InStr(fileEXT,"php") > 0 or InStr(fileEXT,"jsp") > 0 or InStr(fileEXT,"java") > 0 then
		 EnableUpload=false
		end if
                 if not (fileExt="gif" or fileExt="jpg" or fileExt="jpeg" or fileExt="png") then
                        %><%=we%>图片格式错误！<%=we0%><%
				errs=true
                 end if
		if EnableUpload=false then
			%><%=we%>请选择文件上传！这种文件类型不允许上传:asp|asa|aspx|exe|bat|cer...如果需要上传联系管理员开通(网站基本信息设置)或请先rar（压缩后）再上传<%=we0%><%
				errs=true
		end if
		if oFileSize>(upfilesize*1024) then
      			%><%=we%>图片大小超过了限制，最大只能上传<%=upfilesize%>K的文件！<%=we0%><%
				errs=true
		end if
		if oFileSize=0 then
      			%><%=we%>请先选择你要上传的图片！<%=we0%><%
				errs=true
		end if


		if errs<>true then
randomize
ranNum=int(90000*rnd)+10000
			filename=year(now)&strMonth&strDay&hour(now)&minute(now)&second(now)&ranNum&"."&fileExt

			ofile.SaveToFile Server.mappath(FilePath&filename)   '保存文件   
    
     		end if
	
		set ofile=nothing
		
	


	if FileName<>"" then

       realpath="/photo/"&UploadPath & FileName
       if tp<>2 then
       dim intsql,tempcontent 
       intsql= "insert into qingtian_upfile(username,fid,format,YD_size,files,smallfiles)values"
       intsql= intsql & "('" &namer& "',"&qingtian.nid&",'" & fileExt & "','" & sizes & "','" & realpath & "','" & realpath & "')"
       conn.execute(intsql)
       end if

'--------看空间支持与否------------		
dim wi,hi,w,h,hhi
'命名方式
dim photoname,ranNums
randomize
ranNums=int(90000*rnd)+10000
if tp=2 then
w=150
else
w=80
end if
                dim j
		set j=server.createobject("persits.jpeg")
		j.open server.mappath(realpath)
                j.width=W
                j.height=W
		j.save server.mappath("/photo/photo/"& FileName)
		j.close
		set j=nothing
if err.number=0 then realpath="/photo/photo/"& FileName
dim upfileid
set rs=Server.CreateObject("ADODB.Recordset")
rs.open"select top 1 ID from qingtian_upfile order by id desc",conn,1,1
upfileid=rs("ID")
rs.close
set rs=nothing
 '将文件写入数据库hi/hhi
if tp<>2 then	
set rs=Server.CreateObject("ADODB.Recordset")
rs.open"select smallfiles,smallstr,filesname,photoContent,photoview from qingtian_upfile where id="&upfileid,conn,1,2
if not rs.eof then
         rs("smallfiles")=realpath
         rs("filesname")=upfilename
         rs("photoContent")=photoContent
         rs("photoview")=photoview
         rs("smallstr")=1
         rs.update
        end if
       rs.close
  set rs=nothing
end if     
'--------看空间支持与否------------

IF TP<>"" then
conn.Execute("update qingtian_user set touxian='"&realpath&"' where id="&qingtian.nid)
%><%=we%>您的头像已成功上传！<br/><a href="/user/space.asp?sid=<%=sidd%>">进入我的空间</a><%=we0%><%
qingtian.addong("上传了新头像")
else
%><%=we%>您的相片已成功上传！<br/><a href="index.asp?sid=<%=sidd%>">进入我的相册</a><%=we0%>
<%
qingtian.addong("上传了新相片")
end if
	else
		%><%=we%><%=qingtian.utf8("上传文件出错!")%><%=we0%><%
	end  if
 	
next
set upload=nothing   

end if	

	else%>
	<%=we%><%=qingtian.utf8("系统禁止上传文件!")%><%=we0%>
	<%end if%>
<%end if%>
<%=sou%><a href='p.asp?sid=<%=sidd%>'>返回社区相册</a><%=we0%>
 
<%
end Function 
%>
